Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

CAVP Testing: Block Ciphers

Algorithm Specifications

Algorithm specifications for current FIPS-approved and NIST-recommended block cipher algorithms are available from the Cryptographic Toolkit.

Current testing includes the following algorithms:

AES

TDES

Skipjack


Algorithm Validation Testing Requirements

Block Ciphers

 

Advanced Encryption Standard Algorithm (AES)

The Advanced Encryption Standard Algorithm Validation System(AESAVS) specifies validation testing requirements for the ECB(Electronic Codebook), CBC (Cipher Block Chaining), OFB (Output Feedback), CFB (Cipher Feedback) and CTR (Counter) modes for the AES algorithm from SP 800-38A.

Testing Notes

 

Triple Data Encryption Standard Algorithm (TDES)

ThNIST Special Publication 800-20, Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures specifies validation testing requirements for the ECB(Electronic Codebook), CBC (Cipher Block Chaining), OFB (Output Feedback), CFB (Cipher Feedback) and CTR (Counter) modes for the Triple DES algorithm from SP800-38A. In addition, there are variants of the CBC, CFB, and OFB modes of Triple DES that use interleaving or pipelining.

An additional test, the Multi-block Message Test (MMT), is also required.

Testing Notes

  • As of 1-1-2016, TDES KO2 encrypt is no longer compliant. TDES KO2 decrypt is allowed for legacy use only. (See SP800-131A Revision 1.)

 

Skipjack Algorithm

NIST Special Publication 800-17, Modes of Operation Validation System (MOVS): Requirements and Procedures specifies validation testing requirements for the Skipjack algorithm.

Testing Notes

As of January 2011, the CAVP only validates Skipjack decryption implementations for legacy use. Please see SP800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, for more information.

The validation test suite for Skipjack implementations using the decrypt state consists of the Modes test for the Decryption Process, the Variable Ciphertext Known Answer Test and the Variable Key Known Answer Test for the Decryption Process. Based on the Skipjack modes of operation implemented, SP800-17 Section 5 indicates the tests required to validate an implementation of the Skipjack Algorithm.

NIST Special Publication 800-17 erroneously states the Initial Permutation KAT for the Decryption Process is also required for Skipjack validation. This is not true.

Back to Top

Validation Lists

Block cipher implementations validated by NIST are found on the AES, TDES and Skipjack Validation Lists:

Back to Top

Test Vectors

Response files (.rsp): the test vectors are properly formatted in response (.rsp) files. Vendor response files must match this format exactly.

Intermediate results files (.txt): files with intermediate results (.txt) are supplied to help with debugging. For the Monte Carlo test, the output for each of the first five (5) iterations of the 10,000 as well as the final (10,000th) output are given. The intermediate values are indented by one tab and clearly identified by use of the word "Intermediate".

The test vectors linked below can be used to informally verify the correctness of block cipher algorithm implementations using the validation systems listed above.

Use of these test vectors does not replace validation obtained through the CAVP.

Algorithm Test Vectors
AES

AES Known Answer Test (KAT) Vectors

AES Monte Carlo Test (MCT) Sample Vectors

AES Monte Carlo Test (MCT) Intermediate Values

AES Multiblock Message Test (MMT) Sample Vectors

TDES

Triple DES Known Answer Test (KAT) Vectors

Triple-DES Monte Carlo Test (MCT) Sample Vectors

Triple-DES Monte Carlo Test (MCT) Intermediate Values

Triple-DES Multiblock Message Test (MMT) Sample Vectors

Back to Top

Created October 05, 2016, Updated April 11, 2018